Module 1: Introduction
Course: Network Security
Administration
• This lecture uses materials from multiple reference sources as follows:
- Lecture of Cisco CyberOps Associate
- Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals.
- Matt Bishop, Computer Security: Art and Science (ISBN 0-201-44099-7), Addison-Wesley, 2003.
Module Objectives
Module Title: Introduction
Module Objective: Introduce network security and explain why networks and data are attacked.
Topics and their objectives:
• Introduction: introduce network security and its terminology.
• War Stories: explain why networks and data are attacked.
• Threat Actors: explain the motivations of the threat actors behind specific security incidents.
• Threat Impact: explain the potential impact of network security attacks.
Difficulties in Defending Against Attacks
• Universally connected devices
• Increased speed of attacks
• Greater sophistication of attacks
• Availability and simplicity of attack tools
• Faster detection of vulnerabilities by attackers
Difficulties in Defending Against Attacks
• Delays in security updating
• Weak security update distribution
• Distributed attacks
• Introduction of BYOD
• User confusion
What Is Network Security?
• Before defense is possible, one must understand:
• Exactly what security is
• How security relates to network security
• The terminology that relates to network security
Understanding Security
• Security is:
• The goal to be free from danger
• The process that achieves that freedom
• Harm/danger may come from one of two sources:
• From a direct action that is intended to inflict damage
• From an indirect and unintentional action
• As security is increased, convenience is often decreased
• The more secure something is, the less convenient it may become to use
Understanding Security
Figure: Relationship of security to convenience (Source: CompTIA Security+ Guide to Network Security Fundamentals)
Network Security and Information Security
• Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse, or theft. It involves creating a secure infrastructure for devices, applications, and users to work in a secure manner. (According to Cisco)
• Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This includes protecting data and information in physical, technical and administrative ways to ensure its confidentiality, integrity and availability.
• Network security goal: to ensure that
• network systems prevent unauthorized access to network resources;
• systems detect and stop cyberattacks and security breaches in progress;
• authorized users have secure access to the network resources they need, when they need them.
Defining Information Security
Three types of information protection: often called CIA
• Confidentiality
• Only approved individuals may access information
• Integrity
• Information is correct and unaltered
• Availability
• Information is accessible to authorized users
Defining Information Security
Protections implemented to secure information
• Authentication
• Ensures the individual is who they claim to be
• Authorization
• Provides permission or approval to specific technology resources
• Accounting
• Provides tracking of events
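The three protections above (authentication, authorization, accounting) worked through in code. This is an added example, not code from the slides or from the referenced textbooks: the user names, passwords, roles and permission sets are made up for illustration. Authentication checks a salted PBKDF2 hash with a constant-time comparison, authorization is a role-to-permission lookup, and every login attempt and access decision is appended to an audit log, including failed ones.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Work factor for PBKDF2-HMAC-SHA256; the store keeps salt + hash, never the password.
PBKDF2_ITERATIONS = 100_000


def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class User:
    name: str
    role: str
    salt: bytes
    pw_hash: bytes


def make_user(name: str, role: str, password: str) -> User:
    salt = os.urandom(16)  # per-user random salt defeats precomputed hash tables
    return User(name, role, salt, derive_key(password, salt))


# Constructed user store (names, roles and passwords are made up for this example).
USERS = {
    "alice": make_user("alice", "admin", "correct horse battery staple"),
    "bob": make_user("bob", "auditor", "hunter2"),
}

# Authorization: role -> permitted actions (least privilege: auditors may only read).
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "config"},
    "auditor": {"read"},
}

# Accounting: append-only record of (who, what, outcome), failures included.
AUDIT_LOG = []


def authenticate(username: str, password: str):
    """Return the User on success, None otherwise; always log the attempt."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so response time does not reveal which accounts exist.
        derive_key(password, b"\x00" * 16)
        AUDIT_LOG.append((username, "login", "unknown-user"))
        return None
    ok = hmac.compare_digest(derive_key(password, user.salt), user.pw_hash)
    AUDIT_LOG.append((username, "login", "success" if ok else "bad-password"))
    return user if ok else None


def authorize(user: User, action: str) -> bool:
    """Permission check against the user's role; the decision is logged either way."""
    allowed = action in ROLE_PERMISSIONS.get(user.role, set())
    AUDIT_LOG.append((user.name, action, "allowed" if allowed else "denied"))
    return allowed


def perform(username: str, password: str, action: str) -> str:
    """Full AAA flow for one request; returns the outcome."""
    user = authenticate(username, password)
    if user is None:
        return "authentication-failed"
    if not authorize(user, action):
        return "authorization-denied"
    return "performed"


if __name__ == "__main__":
    print(perform("alice", "correct horse battery staple", "config"))
    print(perform("bob", "hunter2", "config"))
    print(perform("mallory", "anything", "read"))
    for entry in AUDIT_LOG:
        print(entry)
```

Note that authentication and authorization are separate decisions: Bob authenticates successfully but is still refused "config" because his role does not grant it, and the refusal is what the accounting record shows an investigator later.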
Information Security: Is It an Art or a Science?
• Implementation of information security is often described as a combination of art and science.
• "Security artisan" idea: based on the way individuals perceive system technologists and their abilities.
Security as Art
• No hard and fast rules nor many universally accepted complete solutions
• No manual for implementing security through an entire system
Security as Science
• Dealing with technology designed for rigorous performance levels.
• Specific conditions cause virtually all actions in computer systems.
• Almost every fault, security hole, and system malfunction is a result of the interaction of specific hardware and software.
• If developers had sufficient time, they could resolve and eliminate faults.
Security as a Social Science
• Social science examines the behavior of individuals interacting with systems.
• Security begins and ends with the people that interact with the system, intentionally or otherwise.
• Security administrators can greatly reduce the levels of risk caused by end users and create more acceptable and supportable security profiles.
War Stories
Today’s Security Attacks
Share of botnet IPs by country:
• Other countries 28%
• Vietnam 13%
• Brazil 12%
• United States 11%
• China 9%
• Mexico 8%
• South Korea 6%
• Taiwan 5%
• Russia 4%
• Colombia 2%
• Romania 2%
Mirai IoT Camera Botnet’s IPs/country (source: incapsula.com [1])
The Danger
Hijacked People
• Hackers can set up open "rogue" wireless hotspots posing as a genuine wireless network.
• Rogue wireless hotspots are also known as "evil twin" hotspots.
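A first-pass evil twin check over wireless survey data, as an added example that is not part of the original slides. It assumes a constructed allowlist of the organisation's genuine access points (SSID, expected security mode, permitted BSSIDs) and constructed scan results; every SSID and MAC address is made up. An access point is flagged when it advertises one of our SSIDs from an unknown BSSID, or advertises it with weaker security than the real network, which is the "open hotspot with a familiar name" lure the slide describes.

```python
# Constructed allowlist of genuine access points (all values are made up).
KNOWN_NETWORKS = {
    "CorpWiFi": {
        "security": "WPA2-Enterprise",
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    },
    "CorpGuest": {
        "security": "WPA2-PSK",
        "bssids": {"aa:bb:cc:00:01:01"},
    },
}

# Constructed scan results, in the shape a wireless survey tool might report.
SCAN_RESULTS = [
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2-Enterprise", "channel": 36},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2-Enterprise", "channel": 44},
    # Same name, unknown radio, no encryption: the classic evil twin lure.
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "security": "Open", "channel": 6},
    # Correct security mode but an unknown BSSID: still not ours.
    {"ssid": "CorpGuest", "bssid": "de:ad:be:ef:00:02", "security": "WPA2-PSK", "channel": 11},
    # A neighbour's network; it does not impersonate us and is ignored.
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "Open", "channel": 1},
]


def find_evil_twins(scan, known=KNOWN_NETWORKS):
    """Return one finding per suspicious access point.

    A finding is (bssid, ssid, reasons). Reasons are 'unknown-bssid' when the
    radio is not on the allowlist for that SSID, 'security-downgrade' when the
    impostor is open while the real network is encrypted, and
    'security-mismatch' for any other difference in security mode.
    """
    findings = []
    for ap in scan:
        expected = known.get(ap["ssid"])
        if expected is None:
            continue  # not one of our SSIDs, so nothing is being impersonated
        reasons = []
        if ap["bssid"].lower() not in expected["bssids"]:
            reasons.append("unknown-bssid")
        if ap["security"] != expected["security"]:
            reasons.append("security-downgrade" if ap["security"] == "Open" else "security-mismatch")
        if reasons:
            findings.append((ap["bssid"], ap["ssid"], reasons))
    return findings


if __name__ == "__main__":
    for bssid, ssid, reasons in find_evil_twins(SCAN_RESULTS):
        print(f"suspicious AP {bssid} advertising {ssid!r}: {', '.join(reasons)}")
```

The BSSID check is a heuristic, not proof: an attacker can clone a legitimate BSSID as easily as an SSID, so a survey like this catches careless twins and lures that drop encryption, while the defence that actually protects a client is to validate the authentication server's certificate on 802.1X networks and never join an open network that shares a trusted name.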
The Danger
Ransomed Companies
• Employees of an organization are often lured into opening attachments that install ransomware on the employees' computers.
• This ransomware, when installed, begins the process of gathering and encrypting corporate data.
• The goal of the attackers is financial gain, because they hold the company's data for ransom until they are paid.
The Danger
Targeted Nations
• Some of today's malware is so sophisticated and expensive to create that security experts believe only a nation state or group of nations could possibly have the influence and funding to create it.
• Such malware can be targeted to attack a nation's vulnerable infrastructure, such as the water system or power grid.
• One such malware was the Stuxnet worm, which infected USB drives and infiltrated Windows operating systems. It then targeted Step 7 software that was developed by Siemens for their Programmable Logic Controllers (PLCs).
Threat Actors
Threat Actors
• Threat actors are individuals or groups of individuals who perform cyberattacks. They include, but are not limited to:
• Amateurs
• Hacktivists
• Organized crime groups
• State-sponsored groups
• Terrorist groups
• Cyberattacks are intentional malicious acts meant to negatively impact another individual or organization.
Threat Actors (Contd.)
Amateurs
• They are also known as script kiddies and have little or no skill.
• They often use existing tools or instructions found on the internet to launch attacks.
• Even though they use basic tools, the results can still be devastating.
Hacktivists
• These are hackers who publicly protest against a variety of political and social ideas.
• They post articles and videos, leak sensitive information, and disrupt web services with illegitimate traffic in Distributed Denial of Service (DDoS) attacks.
Financial Gain
• Much of the hacking activity that consistently threatens our security is motivated by financial gain.
• Cybercriminals want to gain access to bank accounts, personal data, and anything else they can leverage to generate cash flow.
Trade Secrets and Global Politics
• At times, nation states hack other countries, or interfere with their internal politics.
• Often, they may be interested in using cyberspace for industrial espionage.
• The theft of intellectual property can give a country a significant advantage in international trade.
How Secure is the Internet of Things?
• The Internet of Things (IoT) helps individuals connect things to improve their quality of life.
• Many devices on the internet are not updated with the latest firmware. Some older devices were not even developed to be updated with patches. These two situations create opportunity for threat actors and security risks for the owners of these devices.
Threat Impact
PII, PHI, and PSI
• Personally Identifiable Information (PII) is any information that can be used to positively identify an individual, for example, name, social security number, birthdate, credit card numbers etc.
• Cybercriminals aim to obtain these lists of PII that can then be sold on the dark web. Stolen PII can be used to create fake financial accounts, such as credit cards and short-term loans.
• The medical community creates and maintains Electronic Medical Records (EMRs) that contain Protected Health Information (PHI), a subset of PII.
• Personal Security Information (PSI), another type of PII, includes usernames, passwords, and other security-related information that individuals use to access information or services on the network.
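Finding PII where it should not be (application logs are a common leak) is a routine defensive task, so here is an added example that scans and redacts log lines for two of the PII types named above: US social security numbers and payment card numbers. It is not code from the slides or the referenced textbooks. The log lines are constructed for the example; the card number is the well-known Visa test number and the SSN is the standard example value. Card candidates are confirmed with the Luhn checksum so that an unrelated 13-digit request ID is not redacted by mistake.

```python
import re

# US SSN: area-group-serial, with the never-issued area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate payment card number: 13 to 19 digits, optionally grouped by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; every genuine payment card number passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits(s: str) -> str:
    return re.sub(r"[ -]", "", s)


def find_pii(text: str):
    """Return (kind, matched_text) pairs for SSNs and Luhn-valid card numbers."""
    found = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    found += [("card", m.group()) for m in CARD_RE.finditer(text) if luhn_valid(_digits(m.group()))]
    return found


def redact(text: str) -> str:
    """Mask SSNs completely and card numbers down to their last four digits."""
    text = SSN_RE.sub("[REDACTED-SSN]", text)

    def mask_card(m):
        d = _digits(m.group())
        return f"[REDACTED-CARD-{d[-4:]}]" if luhn_valid(d) else m.group()

    return CARD_RE.sub(mask_card, text)


# Constructed log lines (made up for this example).
SAMPLE_LOG = [
    "2024-01-15 10:02:11 order=1182 customer=J. Doe card=4111 1111 1111 1111 amount=59.90",
    "2024-01-15 10:02:12 kyc ssn=123-45-6789 status=verified",
    "2024-01-15 10:02:13 request_id=1234567890123 path=/api/v1/items",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(find_pii(line), "->", redact(line))
```

Pattern matching like this is a detective control that finds PII after it has already been written; the preventive control is to keep PII out of logs in the first place, and the Luhn check only reduces false positives, it does not prove a number is a real, live card.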
Lost Competitive Advantage
• The loss of intellectual property to competitors is a serious concern.
• An additional major concern is the loss of trust that comes when a company is unable to protect its customers' personal data.
• The loss of competitive advantage may come from this loss of trust rather than from another company or country stealing trade secrets.
Politics and National Security
• It is not just businesses that get hacked.
• State-supported hacker warriors can cause disruption and destruction of vital services and resources within an enemy nation.
• The internet has become essential as a medium for commercial and financial activities. Disruption of these activities can devastate a nation's economy.
The Danger Summary
What Did I Learn in this Module?
• Threat actors can hijack banking sessions and other personal information by using "evil twin" hotspots.
• Threat actors include, but are not limited to, amateurs, hacktivists, organized crime groups, state-sponsored groups, and terrorist groups.
• As the Internet of Things (IoT) expands, webcams, routers, and other devices in our homes are also under attack.
• Personally Identifiable Information (PII) is any information that can be used to positively identify an individual.
• The medical community creates and maintains Electronic Medical Records (EMRs) that contain Protected Health Information (PHI), a subset of PII.
• Personal Security Information (PSI) includes usernames, passwords, and other security-related information that individuals use to access information or services on the network.
Module 1
New Terms and Commands
• Evil twin hotspots
• Programmable Logic Controllers (PLCs)
• Threat Actors
• Hacktivists
• Cyberattacks
• Distributed Denial of Service (DDoS)
• Internet of Things (IoT)
• Personally Identifiable Information (PII)
• Protected Health Information (PHI)
• Electronic Medical Records (EMRs)
• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)
• Personal Security Information (PSI)
• Cyberwarfare
The end of module 1